public inbox for linux-kernel@vger.kernel.org
From: Zachary Amsden <zach@vmware.com>
To: Ingo Molnar <mingo@elte.hu>
Cc: Rusty Russell <rusty@rustcorp.com.au>,
	lkml - Kernel Mailing List <linux-kernel@vger.kernel.org>,
	Linus Torvalds <torvalds@osdl.org>,
	virtualization <virtualization@lists.osdl.org>,
	Gerd Hoffmann <kraxel@suse.de>
Subject: Re: [PATCH] Gerd Hoffman's move-vsyscall-into-user-address-range patch
Date: Tue, 16 May 2006 01:16:52 -0700
Message-ID: <44698A74.3090400@vmware.com>
In-Reply-To: <20060516064723.GA14121@elte.hu>

Ingo Molnar wrote:
> * Rusty Russell <rusty@rustcorp.com.au> wrote:
>
>   
>> AFAICT we'll pay one extra TLB entry for this patch.  Zach had a patch 
>> which left the vsyscall page at the top of memory (minus hole for 
>> hypervisor) and patched the ELF header at boot.
>>     
>
> i'd suggest the solution from exec-shield (which has been there for a 
> long time), which also randomizes the vsyscall vma. Exploits are already 
> starting to use the vsyscall page (with predictable addresses) to 
> circumvent randomization, it provides 'interesting' instructions to act 
> as a syscall-functionality building block. Moving that address to 
> another predictable place solves the virtualization problem, but doesn't 
> solve the address-space randomization problem.
>   

Let's dive into it.  How do you get the randomization without 
sacrificing syscall performance?  Do you randomize on boot, dynamically, 
or on a per-process level?  Because I can see some issues with 
per-process randomization that will certainly cost some amount of cycles 
on the system call path.  Marginal perhaps, but that is exactly where 
you don't want to shed cycles unnecessarily, and the complexity of the 
whole thing will go up quite a bit I think.

Zach
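
An added example, not part of the original message or of any patch in this thread: a small C check for the property being debated, namely whether a special mapping such as the vsyscall page sits at the same address in every process. The two `/proc/<pid>/maps` excerpts are constructed sample data using an x86-64 layout, and the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed /proc/<pid>/maps excerpts for two processes (x86-64 layout). */
static const char *MAPS_A =
    "00400000-0040c000 r-xp 00000000 08:01 131 /bin/cat\n"
    "7ffd3a1e4000-7ffd3a1e6000 r-xp 00000000 00:00 0 [vdso]\n"
    "ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]\n";
static const char *MAPS_B =
    "00400000-0040c000 r-xp 00000000 08:01 131 /bin/cat\n"
    "7ffc91b57000-7ffc91b59000 r-xp 00000000 00:00 0 [vdso]\n"
    "ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]\n";

/* Store the start address of the mapping named `name`; 1 if found, else 0. */
int mapping_base(const char *maps, const char *name, unsigned long long *base)
{
    for (const char *line = maps; line && *line; ) {
        const char *nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        char buf[512], path[256];
        unsigned long long start, end;
        if (len >= sizeof buf) len = sizeof buf - 1;
        memcpy(buf, line, len);
        buf[len] = '\0';
        /* Fields: start-end perms offset dev inode [pathname] */
        if (sscanf(buf, "%llx-%llx %*s %*x %*s %*u %255s",
                   &start, &end, path) == 3 && strcmp(path, name) == 0) {
            *base = start;
            return 1;
        }
        line = nl ? nl + 1 : NULL;
    }
    return 0;
}

/* 1: same address in both snapshots (predictable); 0: differs; -1: absent. */
int same_base(const char *a, const char *b, const char *name)
{
    unsigned long long pa, pb;
    if (!mapping_base(a, name, &pa) || !mapping_base(b, name, &pb))
        return -1;
    return pa == pb;
}

int main(void)
{
    const char *names[] = { "[vdso]", "[vsyscall]" };
    for (int i = 0; i < 2; i++)
        printf("%-10s same_base=%d\n", names[i],
               same_base(MAPS_A, MAPS_B, names[i]));
    return 0;
}
```

Two matching snapshots only suggest a fixed address; comparing maps from many fresh processes, and across reboots, separates per-process from per-boot randomization.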
